package com.zh.oauth.config;

import com.zh.oauth.securety.UserDetailsServiceImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;


@Configuration
@EnableWebSecurity
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private static final Logger log = LoggerFactory.getLogger(WebSecurityConfiguration.class);

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        // 设置默认的加密方式
        return new BCryptPasswordEncoder();
    }


    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new UserDetailsServiceImpl();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 使用自定义认证与授权
        auth.userDetailsService(userDetailsService());
    }


    // 前端静态资源放行
    @Override
    public void configure(WebSecurity web) throws Exception {
        // 将 不需要拦截的路径暴露出去，否则资源服务器访问时报 403 错误
        web.ignoring()
                .antMatchers("/login/account")
                .antMatchers("/login/logout")
                .antMatchers("/login/getAuth")
                .antMatchers("/login/mobile")
                .antMatchers("/fhb/getToken")
                .antMatchers("/risk/call/**")
                .antMatchers("/oauth/check_token")
                .antMatchers("/authManage/**")
                .antMatchers("/authClient/refreshToken");
    }

    // 后端资源请求放行接口
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/login/**").permitAll()
                .antMatchers("/fhb/**").permitAll()
                .antMatchers("/risk/call/**").permitAll()
                .antMatchers("/login/account").permitAll()
                .antMatchers("/login/logout").permitAll()
                .antMatchers("/login/getAuth").permitAll()
                .antMatchers("/login/mobile").permitAll()
                .antMatchers("/authManage/**").permitAll()
                .antMatchers("/oauth/token").permitAll()
                .antMatchers("/authClient/refreshToken").permitAll()
                .antMatchers("/oauth/check_token").permitAll()
                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/images/**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/v2/api-docs").permitAll()
                .antMatchers("/configuration/ui").permitAll()
                .antMatchers("/configuration/security").permitAll()
                .and().authorizeRequests().anyRequest().authenticated()
                .and()
                .exceptionHandling()
                .and()
                .httpBasic()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf().disable()   ;
    }
}
